Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Allow users to pick their own mxid after SSO #8876

Closed
richvdh opened this issue Dec 4, 2020 · 3 comments · Fixed by #8942
Closed

Allow users to pick their own mxid after SSO #8876

richvdh opened this issue Dec 4, 2020 · 3 comments · Fixed by #8942
Assignees
@richvdh
Labels
A-SSO Single Sign-On (maybe OIDC) z-feature (Deprecated Label) z-p2 (Deprecated Label)

Comments

@richvdh
Copy link
Member

richvdh commented Dec 4, 2020

For servers that support login via SSO, it would be nice to give users the option to pick their own userid, rather than assigning them one based on the attributes from the remote identity provider.

Obviously this would need to be configurable by the synapse sysadmin.
@richvdh richvdh self-assigned this Dec 4, 2020
@maxkratz
Copy link
Contributor

maxkratz commented Dec 6, 2020

AFAIK there are implementations of MXID mappers that are able to do this.
Have a look at this one: https://github.com/chaos-jetzt/matrix-synapse-saml-mapper

@richvdh
Copy link
Member Author

richvdh commented Dec 7, 2020

indeed. I wrote that one. The problem with it is that it only works for SAML and we also want to support OIDC. It's also a bit fragile in that it relies on not-really-supported mechanisms to escape the normal SSO flow.

@maxkratz
Copy link
Contributor

maxkratz commented Dec 7, 2020

I wrote that one.

Ahm .. yes, I've should have seen that!

The problem with it is that it only works for SAML and we also want to support OIDC. It's also a bit fragile in that it relies on not-really-supported mechanisms to escape the normal SSO flow.

I fully agree.

This was referenced Dec 11, 2020
Closed
Merged
richvdh added a commit that referenced this issue Dec 15, 2020
@richvdh
Implement a username picker for synapse
fe27941 
Fixes #8876
@richvdh richvdh mentioned this issue Dec 15, 2020
Merged
@erikjohnston erikjohnston added z-feature (Deprecated Label) z-p2 (Deprecated Label) A-SSO Single Sign-On (maybe OIDC) labels Dec 15, 2020
richvdh added a commit that referenced this issue Dec 16, 2020
@richvdh
Push login completion down into SsoHandler (#8941)
e1b8e37 
This is another part of my work towards fixing #8876. It moves some of the logic currently in the SAML and OIDC handlers - in particular the call to `AuthHandler.complete_sso_login` down into the `SsoHandler`.
richvdh added a commit that referenced this issue Dec 16, 2020
@richvdh
Implement a username picker for synapse
ba2370b 
Fixes #8876
richvdh added a commit that referenced this issue Dec 18, 2020
@richvdh
Implement a username picker for synapse (#8942)
28877fa 
The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow
`UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser
back to the client, we redirect to a username-picker resource, which allows the user to enter a username.
We *then* complete the SSO flow (including doing the client permission checks).

The static resources for the username picker itself (in 
https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker)
are essentially lifted wholesale from
https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. 
As the comment says, we might want to think about making them customisable, but that can be a follow-up. 

Fixes #8876.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@richvdh richvdh

Labels
A-SSO Single Sign-On (maybe OIDC) z-feature (Deprecated Label) z-p2 (Deprecated Label)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement a username picker for synapse matrix-org/synapse
3 participants
@richvdh @erikjohnston @maxkratz